feed/packages.git
5 months agolibpfring: update to 8.4.0
John Thomson [Fri, 21 Oct 2022 04:01:24 +0000 (14:01 +1000)]
libpfring: update to 8.4.0

Release notes:
https://github.com/ntop/PF_RING/releases/tag/8.4.0

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
(cherry picked from commit 534bd518f3fff6c31656a1edcd7e10922f3e06e5)

5 months agohev-socks5-server: update to 2.6.6
Ray Wang [Mon, 3 Jun 2024 05:32:43 +0000 (13:32 +0800)]
hev-socks5-server: update to 2.6.6

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit c6777c6ecc2a5097d3ef12b142c1d330f226cbf4)

5 months agoMerge pull request #24317 from p-w-p/xray-core_update
Tianling Shen [Tue, 4 Jun 2024 08:46:10 +0000 (16:46 +0800)]
Merge pull request #24317 from p-w-p/xray-core_update

[23.05] xray-core: update to 1.8.13

5 months agoxray-core: update to 1.8.13 24317/head
Tianling Shen [Fri, 24 May 2024 14:06:09 +0000 (22:06 +0800)]
xray-core: update to 1.8.13

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6a9b65119d95ebddd5875135ffaca1fc77a28e5f)

5 months agonode: bump to v18.20.3
Hirokazu MORIKAWA [Mon, 3 Jun 2024 04:25:01 +0000 (13:25 +0900)]
node: bump to v18.20.3

Notable changes
This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.
A fix has also been included for compiling Node.js from source with newer versions of Clang.
The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies
* acorn updated to 8.11.3.
* acorn-walk updated to 8.3.2.
* ada updated to 2.7.8.
* c-ares updated to 1.28.1.
* corepack updated to 0.28.0.
* nghttp2 updated to 1.61.0.
* ngtcp2 updated to 1.3.0.
* npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324.
* simdutf updated to 5.2.4.
* zlib updated to 1.3.0.1-motley-7d77fb7.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
5 months agosing-box: update to 1.9.0
Anya Lin [Thu, 30 May 2024 06:16:46 +0000 (14:16 +0800)]
sing-box: update to 1.9.0

Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit 087fe17bf746fa1edc6f452c02ac05d75fa93daf)

5 months agobanip: update 0.9.6-3
Dirk Brenken [Sat, 1 Jun 2024 14:06:59 +0000 (16:06 +0200)]
banip: update 0.9.6-3

* fixed concurrent, too high nft loads during feed processing (seen in LuCI frontend)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3584187f69f954e0e70dc86ffcf7d46d0df37452)

5 months agoapache: add compile fix for libxml-2.12.x
Michael Heimpold [Sun, 17 Dec 2023 13:25:51 +0000 (14:25 +0100)]
apache: add compile fix for libxml-2.12.x

libxml2 restructured includes, thus another include is now required
otherwise build fails.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 7009c6be73cdb1535c4e13bd86bbccb623cade87)

5 months agobanip: update 0.9.6-2
Dirk Brenken [Thu, 30 May 2024 19:36:33 +0000 (21:36 +0200)]
banip: update 0.9.6-2

* fix regex for nixspam and sslbl feed
* list the pre-routing limits in the banIP status
* small fixes and log improvements

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 27e86ef42e832545a9a66d479c4bbd99afaab5c5)

5 months agoxfrpc: update to 3.05.661
Dengfeng Liu [Mon, 27 May 2024 11:03:39 +0000 (19:03 +0800)]
xfrpc: update to 3.05.661

This version is compatible with FRPS 0.58.0

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit d5c22612a90e9a0fd09d4307e567240562a10287)

5 months agoxfrpc: Revised the config file and adjusted the corresponding init file
Dengfeng Liu [Mon, 27 May 2024 11:01:22 +0000 (19:01 +0800)]
xfrpc: Revised the config file and adjusted the corresponding init file

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit e39af317532bd67580e6d12d4b4c9590cafa574e)

5 months agoocserv: use a more neutral character for sed
Nikos Mavrogiannopoulos [Sun, 26 May 2024 15:35:05 +0000 (17:35 +0200)]
ocserv: use a more neutral character for sed

This resolves a startup issue.

Resolves: #24203

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
5 months agonextdns: Update to version 1.43.5
Olivier Poitrey [Fri, 24 May 2024 11:36:01 +0000 (11:36 +0000)]
nextdns: Update to version 1.43.5

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
6 months agosing-box: update to 1.8.14
Van Waholtz [Mon, 25 Mar 2024 12:40:46 +0000 (20:40 +0800)]
sing-box: update to 1.8.14

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 2b7369c323ac232ccb39f0321c5b86053a29b263)

6 months agodnsdist: update to 1.9.4
Peter van Dijk [Mon, 13 May 2024 11:50:23 +0000 (13:50 +0200)]
dnsdist: update to 1.9.4

fixes CVE-2024-25581

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
6 months agohaproxy: update to v2.8.9
Christian Lachner [Sun, 19 May 2024 08:35:41 +0000 (10:35 +0200)]
haproxy: update to v2.8.9

- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog

Signed-off-by: Christian Lachner <gladiac@gmail.com>
6 months agobanip: release 0.9.6-1
Dirk Brenken [Sat, 18 May 2024 06:29:34 +0000 (08:29 +0200)]
banip: release 0.9.6-1

* refine IPv4 parsing, skip rough feed entries like loopback addresses
* better error logging during banIP nftables initialization and Set loading
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ccca9c832540d9eea78d5a438c14142f8e087735)

6 months agoopenconnect: introduced URI parameter
Nikos Mavrogiannopoulos [Thu, 9 May 2024 19:18:44 +0000 (21:18 +0200)]
openconnect: introduced URI parameter

This allows specifying a camouflage string in ocserv.

Fixes: #23364
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
6 months agoopenconnect: backport fix for anyconnect compatibility
Nikos Mavrogiannopoulos [Thu, 9 May 2024 19:00:31 +0000 (21:00 +0200)]
openconnect: backport fix for anyconnect compatibility

Fixes: #21135
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
6 months agogptfdisk: update to 1.0.10
krant [Thu, 11 Apr 2024 19:27:13 +0000 (22:27 +0300)]
gptfdisk: update to 1.0.10

- Delete upstreamed patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit ad6344d0455038e374f57a7fb15d3d1ace8d889b)

6 months agogolang: Update to 1.21.10
Tianling Shen [Sat, 11 May 2024 05:49:37 +0000 (13:49 +0800)]
golang: Update to 1.21.10

go1.21.10 (released 2024-05-07) includes security fixes to the go
command, as well as bug fixes to the net/http package.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 months agoMerge pull request #24139 from stangri/openwrt-23.05-adblock-fast
Stan Grishin [Mon, 13 May 2024 23:03:32 +0000 (16:03 -0700)]
Merge pull request #24139 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: update to 1.1.2-1

6 months agopdns-recursor: update to 4.8.8
Peter van Dijk [Tue, 30 Apr 2024 13:47:26 +0000 (15:47 +0200)]
pdns-recursor: update to 4.8.8

fixes CVE-2024-25583; also includes changes from 4.8.7 that
fix regressions introduced with the security fixes in 4.8.6

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
6 months agoadblock-fast: update to 1.1.2-1 24139/head
Stan Grishin [Mon, 13 May 2024 04:30:55 +0000 (04:30 +0000)]
adblock-fast: update to 1.1.2-1

* move extra_command and EXTRA_HELP to the top of the init file
* add packageCompat variable for compatibility check with WebUI
* add OutputFilter variables for supported resolvers
* simplify adb_check with the use of OutputFilter variables
* add show_blocklist command to display currently blocked domains

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit fb151d5b8269f458cd54b75975d6a63ad8401b35)

6 months agoocserv: updated to 1.3.0
Nikos Mavrogiannopoulos [Mon, 6 May 2024 06:30:19 +0000 (08:30 +0200)]
ocserv: updated to 1.3.0

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
6 months agobanip: update 0.9.5-5
Dirk Brenken [Sun, 5 May 2024 19:57:28 +0000 (21:57 +0200)]
banip: update 0.9.5-5

* fix a processing race condition
* it's now possible to disable the icmp/syn/udp safeguards in pre-routing - set the threshold to '0'.

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 083554094b169ad79ce4d4054e227f0829722de7)

6 months agodocker: Update to 26.1.0
Gerard Ryan [Wed, 1 May 2024 11:51:07 +0000 (21:51 +1000)]
docker: Update to 26.1.0
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
6 months agodockerd: Update to 26.1.0
Gerard Ryan [Wed, 1 May 2024 11:50:47 +0000 (21:50 +1000)]
dockerd: Update to 26.1.0
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
6 months agocontainerd: Update to 1.7.15
Gerard Ryan [Wed, 1 May 2024 11:50:08 +0000 (21:50 +1000)]
containerd: Update to 1.7.15
* Explicitly list GO_PKG_INSTALL_EXTRA
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
6 months agouspot: update to Git HEAD (2024-05-03)
Thibaut VARÈNE [Sat, 4 May 2024 08:55:42 +0000 (10:55 +0200)]
uspot: update to Git HEAD (2024-05-03)

5e2d15a110bb treewide: remove tip_mode
e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter
ef0f5291365b uspot/uspotfilter: implement disconnect_delay
92d3356d3fb3 update README

Update the package Makefile to reflect the changes from the following
above-listed commit:

e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter

(cherry picked from commit 5181ce4a483711791329a13e07d29f9321d85178)
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
6 months agoxray-core: Update to 1.8.11
Tianling Shen [Fri, 3 May 2024 05:42:35 +0000 (13:42 +0800)]
xray-core: Update to 1.8.11

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0db33e866b108b9d0768f6b9f488c2d99c2363bf)
[added a patch to fix build with go 1.21]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 months agoxray-core: Update to 1.8.10
Tianling Shen [Mon, 1 Apr 2024 07:59:40 +0000 (15:59 +0800)]
xray-core: Update to 1.8.10

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 1b59556d06059cc87945ad52bdbccbfc06f93d9e)

6 months agoxray-core: Update to 1.8.9
Tianling Shen [Thu, 21 Mar 2024 07:02:50 +0000 (15:02 +0800)]
xray-core: Update to 1.8.9

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 09c4a4b1bab44a4d15a38907e4c48a9a09bb916d)

6 months agov2ray-core: Update to 5.16.0
Tianling Shen [Fri, 3 May 2024 05:54:50 +0000 (13:54 +0800)]
v2ray-core: Update to 5.16.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c0608d93befc062e33fb7dc2adbb70abe262c8cf)

6 months agov2ray-geodata: Update to latest version
Tianling Shen [Fri, 3 May 2024 05:42:40 +0000 (13:42 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 3f7a3e4edfcd5c37abd68fdc19b25e7795589345)

6 months agoacme-acmesh: use validation_method option instead of guessing
Sergey Ponomarev [Wed, 28 Feb 2024 20:13:47 +0000 (22:13 +0200)]
acme-acmesh: use validation_method option instead of guessing

The new validation_method option can be: dns, webroot or standalone.
Previously we guessed the challenge type:
1. if the DNS provider is specified then it's dns
2. if standalone=1
3. fallback to webroot

The logic is preserved and if the validation_method wasn't set explicitly we'll guess it in old manner.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
6 months agohev-socks5-server: add new package
Ray Wang [Thu, 25 Apr 2024 13:36:14 +0000 (21:36 +0800)]
hev-socks5-server: add new package

HevSocks5Server is a high-performance socks5 server for Unix.

More details: https://github.com/heiher/hev-socks5-server

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 8d36908aead7a37416ff4ac74d7c6ff59ded505e)

6 months agonano: update to 8.0
Hannu Nyman [Fri, 3 May 2024 13:24:09 +0000 (16:24 +0300)]
nano: update to 8.0

Update nano editor to version 8.0

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 69166dbbb709625a848f327c9822c667db39744f)

6 months agobanip: update 0.9.5-4
Dirk Brenken [Wed, 1 May 2024 13:02:44 +0000 (15:02 +0200)]
banip: update 0.9.5-4

* optimized adding suspicious IPs to Sets in the log monitor
* re-added ipblackhole feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4d7c38c7708110cb1d0290f50ef48129192dd76a)

6 months agonextdns: Update to version 1.43.3
Olivier Poitrey [Mon, 29 Apr 2024 21:54:23 +0000 (21:54 +0000)]
nextdns: Update to version 1.43.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
6 months agodnsproxy: add three new features
Emily H. [Tue, 30 Apr 2024 11:03:38 +0000 (11:03 +0000)]
dnsproxy: add three new features

This commit adds the following features:
1. UCI support for local DNS over HTTPS/TLS/QUIC server.
2. UCI support for using private reverse DNS.
3. procd jail with CAP_NET_BIND_SERVICE, allowing
   dnsproxy to serve on standard ports directly.

Signed-off-by: Emily H. <battery_tag708@simplelogin.com>
(cherry picked from commit 5df794e34303ed2d1832c0626291ad392a228e8c)

6 months agomsmtp: update to version 1.8.25
Josef Schlehofer [Fri, 26 Apr 2024 13:35:52 +0000 (15:35 +0200)]
msmtp: update to version 1.8.25

Release notes:
https://marlam.de/msmtp/news/msmtp-1-8-25/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 490866d752b41bc90661b10d2c9c41884575bf8b)

6 months agotransmission: update to version 4.0.5
Josef Schlehofer [Fri, 26 Apr 2024 08:38:20 +0000 (10:38 +0200)]
transmission: update to version 4.0.5

Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.5

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 19a424aede70ddaedb1153144216db6423fa09e2)

6 months agosing-box: update to 1.8.12
Van Waholtz [Mon, 29 Apr 2024 09:08:50 +0000 (17:08 +0800)]
sing-box: update to 1.8.12

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 3fefdbf34bbe2601fcd677fd887e4156214b37ac)

6 months agoMerge pull request #24023 from rs/nextdns-1.43.0-openwrt-23.05
Stan Grishin [Mon, 29 Apr 2024 00:33:38 +0000 (17:33 -0700)]
Merge pull request #24023 from rs/nextdns-1.43.0-openwrt-23.05

[23.05] nextdns: Update to version 1.43.0

6 months agonextdns: Update to version 1.43.0 24023/head
Olivier Poitrey [Sun, 28 Apr 2024 00:47:37 +0000 (00:47 +0000)]
nextdns: Update to version 1.43.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
6 months agolibndpi: backport patch for PCRE2 support
Christian Marangi [Wed, 1 Nov 2023 00:43:36 +0000 (01:43 +0100)]
libndpi: backport patch for PCRE2 support

Backport patch for PCRE2 support as PCRE is EOL and won't receive any
support updates anymore.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit baa0d5127062929fd26671adb5388f9b30b61a36)

6 months agoopenssh: bump to 9.7p1
John Audia [Tue, 12 Mar 2024 12:13:02 +0000 (08:13 -0400)]
openssh: bump to 9.7p1

Release notes: https://www.openssh.com/txt/release-9.7

Removed upstreamed patch: 010-better_fzero-call-detection.patch

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 6be0617c00bdf5e9309ad3738d09fe498cb9fb0a)

6 months agolibrespeed-go: improve the description
Nathan Friedly [Thu, 25 Apr 2024 17:19:33 +0000 (13:19 -0400)]
librespeed-go: improve the description

This swaps the order of the lines in the description so that when LuCI displays only the first line, it still offers some helpful information.

Signed-off-by: Nathan Friedly <nathan@nfriedly.com>
(cherry picked from commit 06ea66c55866aa409ab567a593a22bd24e727f04)

6 months agolibrespeed-go: Reload the daemon after modifying the tls certificate
Anya Lin [Tue, 10 Oct 2023 01:13:14 +0000 (09:13 +0800)]
librespeed-go: Reload the daemon after modifying the tls certificate

Make the daemon reload after the tls certificate is updated

Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit fd1d506fff9462b3329585bdd148a6fd78cbd27a)

6 months agov2ray-core: Update to 5.15.3
Tianling Shen [Mon, 22 Apr 2024 07:26:22 +0000 (15:26 +0800)]
v2ray-core: Update to 5.15.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ebed42fcb0e7e9bffee3c47b93244494377595ee)

6 months agobanip: update 0.9.5-3
Dirk Brenken [Fri, 26 Apr 2024 15:03:14 +0000 (17:03 +0200)]
banip: update 0.9.5-3

* allow multiple protocol/port definitions per feed, e.g. 'tcp udp 80 443 50000'
* removed the default protocol/port limitation from asn feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 2c6d5adac049a55ca067255da90dc938b5604249)

6 months agobanip: update 0.9.5-2
Dirk Brenken [Sun, 21 Apr 2024 19:57:17 +0000 (21:57 +0200)]
banip: update 0.9.5-2

* fixed possible Set search race condition (initiated from LuCI frontend)
* fixed the "no result" Set search problem in LuCI
* removed abandoned feeds: spamhaus edrop (was merged with spamhaus drop)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ad755e0c4ddb63f8b8ed2204043ce750a4d4b928)

6 months agobanip: release 0.9.5-1
Dirk Brenken [Fri, 19 Apr 2024 20:09:29 +0000 (22:09 +0200)]
banip: release 0.9.5-1

* added a DDoS protection rules in a new pre-routing chain to prevent common ICMP, UDP and SYN flood attacks and drop spoofed tcp flags & invalid conntrack packets, flood tresholds are configured via 'ban_icmplimit' (default 10/s), 'ban_synlimit' (default 10/s) and 'ban_udplimit' (default 100/s)
* the new pre-routing rules are tracked via named nft counters and are part of the standard reporting, set 'ban_logprerouting' accordingly
* block countries dynamically by Regional Internet Registry (RIR)/regions, e.g. all countries related to ARIN. Supported service regions are: AFRINIC, ARIN, APNIC, LACNIC and RIPE, set 'ban_region' accordingly
* it's now possible to always allow certain protocols/destination ports in wan-input and wan-forward chains, set 'ban_allowflag' accordingly - e.g. ' tcp 80 443-445'
* filter/convert possible windows line endings of external feeds during processing
* the cpu core autodetection is now limited to max. 16 cores in parallel, set 'ban_cores' manually to overrule this limitation
* set the default nft priority to -100 for banIP input/forward chains (pre-routing is set to -150)
* update readme
* a couple of bugfixes & performance improvements
* removed abandoned feeds: darklist, ipblackhole
* added new feeds: becyber, ipsum, pallebone, debl (changed URL)
* requires a LuCI frontend update as well (separate PR/commit)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit fa80fefe22d0c7ca1c1e34deb52683b54af1ed17)

6 months agosyslog-ng: update to version 4.7.1
Josef Schlehofer [Fri, 26 Apr 2024 09:24:57 +0000 (11:24 +0200)]
syslog-ng: update to version 4.7.1

Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1

Also bump version in the config file to avoid warning

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9d49df0dabcdd9135bf0b86374695b69cb4bf5b6)

6 months agoCI: remove CircleCI for now
Paul Spooren [Sat, 10 Oct 2020 01:31:01 +0000 (15:31 -1000)]
CI: remove CircleCI for now

The GitHub CI offers currenlty more architecture and the Signed-of-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 26c101edc3e918be4fbfe76b3514d1c8398f7d31)

6 months agoMerge pull request #24014 from stangri/openwrt-23.05-adblock-fast
Stan Grishin [Thu, 25 Apr 2024 22:09:43 +0000 (15:09 -0700)]
Merge pull request #24014 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: bugfix: unbound-related fixes

6 months agoadblock-fast: bugfix: unbound-related fixes 24014/head
Stan Grishin [Sun, 21 Apr 2024 14:06:52 +0000 (14:06 +0000)]
adblock-fast: bugfix: unbound-related fixes

* include `server:` directive at the top of unbound file
* update unbound-related outputGzip variable to include full path
* return always_nxdomain for blocked domains
* also update copyright stamp/license

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 474587a1f44db8b66caca8bdde9c2dd64b480638)

6 months agoMerge pull request #24006 from stangri/openwrt-23.05-nebula
Stan Grishin [Thu, 25 Apr 2024 21:33:12 +0000 (14:33 -0700)]
Merge pull request #24006 from stangri/openwrt-23.05-nebula

[23.05] nebula: Use APK style release number

6 months agonebula: Use APK style release number 24006/head
Sean Khan [Fri, 12 Apr 2024 16:09:59 +0000 (12:09 -0400)]
nebula: Use APK style release number

Maintainer: Stan Grishin <stangri@melmac.ca>

Run tested: aarch64, Dynalink DL-WRX36, Master Branch

Signed-off-by: Sean Khan <datapronix@protonmail.com>
(cherry picked from commit 3cbb7474c3fad4b01f8ee065b1c045c4b7fb523f)

7 months agonatmap: add log_std{out,err} options
Ray Wang [Sat, 20 Apr 2024 14:53:03 +0000 (22:53 +0800)]
natmap: add log_std{out,err} options

Introduce `log_stdout` and `log_stderr` options for managing logging output.

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 5abbd3bcb2362963a2cc49c0a9de78dd5c5af185)

7 months agonode: bump to v18.20.2
Hirokazu MORIKAWA [Wed, 24 Apr 2024 01:42:09 +0000 (10:42 +0900)]
node: bump to v18.20.2

This is a security release.

Notable Changes
* CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
7 months agontpd: update to version 4.2.8p17
Paul Donald [Fri, 1 Mar 2024 20:49:30 +0000 (21:49 +0100)]
ntpd: update to version 4.2.8p17

Also some spell fixes for README.md

Drop patch-0001 - ntpd >= 4.2.8p16 patched this behaviour. See:

https://bugs.ntp.org/show_bug.cgi?id=3741 (and the linked diff there)
https://git.nwtime.org/websites/ntpwww/commit/d2a7faef2fea5f10b28cc2ee1d842e4b241f414f

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit b2742ed05d5404d1c2cada7c51607126d19fa3f6)

7 months agouwsgi: bump to latest 2.0.25.1 release
Christian Marangi [Sun, 21 Apr 2024 15:38:24 +0000 (17:38 +0200)]
uwsgi: bump to latest 2.0.25.1 release

Bump to latest 2.0.25.1 release

Drop upstream PCRE2 patch and alarm memory leak fix.
Rework and refresh patch due to release bump.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a9371952c916423876d3d380837b7b47ef08eb69)

7 months agouwsgi: add experimental pcre2 patch and drop pcre
Christian Marangi [Fri, 22 Sep 2023 13:39:23 +0000 (15:39 +0200)]
uwsgi: add experimental pcre2 patch and drop pcre

Add experimental pcre2 patch and drop pcre in favor of pcre2 library.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4374c3250f424f1e57b175961adb41f24489510d)

7 months agouwsgi: bump to release 2.0.22
Christian Marangi [Fri, 22 Sep 2023 13:38:27 +0000 (15:38 +0200)]
uwsgi: bump to release 2.0.22

Bump to release 2.0.22 to make it easier to apply patch for pcre2
support.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 94ded8ff315be664a806153a94913e7fbdcd3a49)

7 months agov2ray-geodata: Update to latest version
Tianling Shen [Mon, 15 Apr 2024 07:18:04 +0000 (15:18 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c1e6fbbcb06786c7f78f7a12f9bf7337e94b2160)

7 months agov2ray-geodata: Update to latest version
Tianling Shen [Thu, 4 Apr 2024 04:17:22 +0000 (12:17 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 06332b022937714fe465c572d7ae0c7665e7552b)

7 months agocloudflared: Update to 2024.4.0
Tianling Shen [Mon, 15 Apr 2024 05:22:56 +0000 (13:22 +0800)]
cloudflared: Update to 2024.4.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d9419aeabd74f5d170483691d8a2ab0c68620fce)

7 months agotor: update to 0.4.8.10 stable
Rui Salvaterra [Tue, 7 Nov 2023 12:27:24 +0000 (12:27 +0000)]
tor: update to 0.4.8.10 stable

Bugfix release, see the changelog [1] for what's new.

[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.10/ChangeLog

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit ee8b29de2c42ffc7796cd825f38b19e56f838cd4)

7 months agoMerge pull request #23947 from mhei/23.05-php8-update-to-8.2.18
Michael Heimpold [Wed, 17 Apr 2024 18:22:55 +0000 (20:22 +0200)]
Merge pull request #23947 from mhei/23.05-php8-update-to-8.2.18

[23.05] php8: update to 8.2.18

7 months agoMerge pull request #23871 from graysky2/snort-backport-fix
Josef Schlehofer [Wed, 17 Apr 2024 11:27:41 +0000 (13:27 +0200)]
Merge pull request #23871 from graysky2/snort-backport-fix

snort3 and libdaq3: sync with master and remove symbol @HAS_LUAJIT_ARCH

7 months agoexim: update to 4.97.1
Daniel Golle [Thu, 4 Apr 2024 02:36:39 +0000 (03:36 +0100)]
exim: update to 4.97.1

IPv6 has accidentally been disabled in all Exim builds since the
package was introduced in OpenWrt due to a faulty `sed` script. This
has now been fixed, so beware that IPv6 is now enabled when updating
from previous releases.

Upstream changes since version 4.96.2 (bottom up):

JH/s1 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
      LF-only mode (as detected from the first header line).  Previously we did
      accept that in (normal) CRLF mode; this has been raised as a possible
      attack scenario (under the name "smtp smuggling", CVE-2023-51766).

JH/01 The hosts_connection_nolog main option now also controls "no MAIL in
      SMTP connection" log lines.

JH/02 Option default value updates:
        - queue_fast_ramp (main)        true (was false)
        - remote_max_parallel (main)    4 (was 2)

JH/03 Cache static regex pattern compilations, for use by ACLs.

JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
      Make the rewrite never match and keep the logging.  Trust the
      admin to be using verify=header-syntax (to actually reject the message).

JH/05 Follow symlinks for placing a watch on TLS creds files.  This means
      (under Linux) we watch the dir containing the final file; previously
      it would be the dir with the first symlink.  We still do not monitor
      the entire path.

JH/06 Check for bad chars in rDNS for sender_host_name.  The OpenBSD (at least)
      dn_expand() is happy to pass them through.

JH/07 OpenSSL Fix auto-reload of changed server OCSP proof.  Previously, if
      the file with the proof had an unchanged name, the new proof(s) were
      loaded on top of the old ones (and nover used; the old ones were stapled).

JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
      more than one message arrived in a single connection a reference from
      the earlier message could be re-used.  Often a sigsegv resulted.
      These variables were introduced in Exim 4.87.
      Debug help from Graeme Fowler.

JH/09 Fix ${filter } for conditions that modify $value.  Previously the
      modified version would be used in construction the result, and a memory
      error would occur.

JH/10 GnuTLS: fix for (IOT?) clients offering no TLS extensions at all.
      Find and fix by Jasen Betts.

JH/11 OpenSSL: fix for ancient clients needing TLS support for versions earlier
      than TLSv1,2,  Previously, more-recent versions of OpenSSL were permitting
      the systemwide configuration to override the Exim config.

HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
      API changes in libopendmarc.

JH/12 Bug 2930: Fix daemon startup.  When started from any process apart from
      pid 1, in the normal "background daemon" mode, having to drop process-
      group leadership also lost track of needing to create listener sockets.

JH/13 Bug 2929: Fix using $recipients after ${run...}.  A change made for 4.96
      resulted in the variable appearing empty.  Find and fix by Ruben Jenster.

JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
      a capture group which obtained no text (eg. "(abc)*" matching zero
      occurrences) could cause a segfault if the corresponding $<n> was
      expanded.

JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
      included a close-brace character (eg. it itself used an expansion) an
      error occurred.

JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
      starting TLS.  Previously it was after, meaning that attackers on such
      ports had to be screened using the host_reject_connection main config
      option. The new sequence aligns better with the STARTTLS behaviour, and
      permits defences against crypto-processing load attacks, even though it
      is strictly an incompatible change.
      Also, avoid sending any SMTP fail response for either the connect ACL
      or host_reject_connection, for TLS-on-connect ports.

JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL,
      Previously this was not permitted, but it makes reasonable sense.
      While there, restore a restriction on using it from a connect ACL; given
      the change JH/16 it could only return false (and before 4.91 was not
      permitted).

JH/18 Fix a fencepost error in logging.  Previously (since 4.92) when a log line
      was exactly sized compared to the log buffer, a crash occurred with the
      misleading message "bad memory reference; pool not found".
      Found and traced by Jasen Betts.

JH/19 Bug 2911: Fix a recursion in DNS lookups.  Previously, if the main option
      dns_again_means_nonexist included an element causing a DNS lookup which
      itself returned DNS_AGAIN, unbounded recursion occurred.  Possible results
      included (though probably not limited to) a process crash from stack
      memory limit, or from excessive open files.  Replace this with a paniclog
      whine (as this is likely a configuration error), and returning
      DNS_NOMATCH.

JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group.  Previously
      this always failed, probably leading to the usual downgrade to in-clear
      connections.

JH/21 Fix TLSA lookups.  Previously dns_again_means_nonexist would affect
      SERVFAIL results, which breaks the downgrade resistance of DANE.  Change
      to not checking that list for these lookups.

JH/22 Bug 2434: Add connection-elapsed "D=" element to more connection
      closure log lines.

JH/23 Fix crash in string expansions. Previously, if an empty variable was
      immediately followed by an expansion operator, a null-indirection read
      was done, killing the process.

JH/24 Bug 2997: When built with EXPERIMENTAL_DSN_INFO, bounce messages can
      include an SMTP response string which is longer than that supported
      by the delivering transport.  Alleviate by wrapping such lines before
      column 80.

JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998
      chars (RFC limit).  Previously a limit of 12 items was made, which with
      a not-impossible References: in the message being bounced could still
      be over-large and get stopped in the transport.

JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
      close.  Previously a bare socket close was done.

JH/27 Fix ${srs_encode ..}.  Previously it would give a bad result for one day
      every 1024 days.

JH/28 Bug 2996: Fix a crash in the smtp transport.  When finding that the
      message being considered for delivery was already being handled by
      another process, and having an SMTP connection already open, the function
      to close it tried to use an uninitialized variable.  This would afftect
      high-volume sites more, especially when running mailing-list-style loads.
      Pollution of logs was the major effect, as the other process delivered
      the message.  Found and partly investigated by Graeme Fowler.

JH/29 Change format of the internal ID used for message identification. The old
      version only supported 31 bits for a PID element; the new 64 (on systems
      which can use Base-62 encoding, which is all currently supported ones
      but not Darwin (MacOS) or Cygwin, which have case-insensitive filesystems
      and must use Base-36).  The new ID is 23 characters rather than 16, and is
      visible in various places - notably logs, message headers, and spool file
      names.  Various of the ancillary utilities also have to know the format.
        As well as the expanded PID portion, the sub-second part of the time
      recorded in the ID is expanded to support finer precision.  Theoretically
      this permits a receive rate from a single comms channel of better than the
      previous 2000/sec.
        The major timestamp part of the ID is not changed; at 6 characters it is
      usable until about year 3700.
        Updating from previously releases is fully supported: old-format spool
      files are still usable, and the utilities support both formats.  New
      message will use the new format.  The one hints-DB file type which uses
      message-IDs (the transport wait- DB) will be discarded if an old-format ID
      is seen; new ones will be built with only new-format IDs.
      Optionally, a utility can be used to convert spool files from old to new,
      but this is only an efficiency measure not a requirement for operation
        Downgrading from new to old requires running a provided utility, having
      first stopped all operations.  This will convert any spool files from new
      back to old (losing time-precision and PID information) and remove any
      wait- hints databases.

JH/30 Bug 3006: Fix handling of JSON strings having embedded commas. Previously
      we treated them as item separators when parsing for a list item, but they
      need to be protected by the doublequotes.  While there, add handling for
      backslashes.

JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints.
      Found and fixed by Jasen Betts. No testcase for this as my usual text
      editor insists on emitting only valid UTF-8.

JH/32 Fix "tls_dhparam = none" under GnuTLS.  At least with 3.7.9 this gave
      a null-indirection SIGSEGV for the receive process.

JH/33 Fix free for live variable $value created by a ${run ...} expansion during
      -bh use.  Internal checking would spot this and take a panic.

JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
      In 4.96 this would expand to empty.

JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
      certificate.  Find and fix by Andreas Metzler.

JH/36 Add ARC info to DMARC hostory records.

JH/37 Bug 3016: Avoid sending DSN when message was accepted under fakereject
      or fakedefer.  Previously the sender could discover that the message
      had in fact been accepted.

JH/38 Taint-track intermediate values from the peer in multi-stage authentation
      sequences.  Previously the input was not noted as being tainted; notably
      this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
      bad coding of authenticators.

JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
      and ${tr...}.  Found and diagnosed by Heiko Schlichting.

JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
      CVE-2023-42115

JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42116

JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42114

JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
      Make the rewrite never match and keep the logging.  Trust the
      admin to be using verify=header-syntax (to actually reject the message).

JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
      CVE-2023-42219
      could be triggered by externally-supplied input.  Found by Trend Micro.
      CVE-2023-42115

JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42116

JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42114

JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
      Make the rewrite never match and keep the logging.  Trust the
      admin to be using verify=header-syntax (to actually reject the message).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e8600462c735db5d635b872db949f2b98337de95)

7 months agocryptsetup: update to version 2.7.1
Daniel Golle [Thu, 4 Apr 2024 02:01:39 +0000 (03:01 +0100)]
cryptsetup: update to version 2.7.1

The most notable change is the introduction of (optional) support for
hardware OPAL disk encryption. However, as this requires Linux 6.4 or
later, support for OPAL is implicitely disabled until targets used for
the package build have been updated to Linux 6.6.

See release notes for 2.7.0 and 2.7.1 for more details:

https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.1-ReleaseNotes

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 54a2534cb2b7b7f53ea21d07d0c56a3e577bcf96)

7 months agolvm2: update to LVM2 2.03.17 and libdm Version 1.02.187
Daniel Golle [Thu, 4 Apr 2024 01:59:17 +0000 (02:59 +0100)]
lvm2: update to LVM2 2.03.17 and libdm Version 1.02.187

LVM2 Version 2.03.17 - 10th November 2022
=========================================
  Add new options (--fs, --fsmode) for FS handling when resizing LVs.
  Fix 'lvremove -S|--select LV' to not also remove its historical LV right away.
  Fix lv_active field type to binary so --select and --binary applies properly.
  Switch to use mallinfo2 and use it only with glibc.
  Error out in lvm shell if using a cmd argument not supported in the shell.
  Fix lvm shell's lastlog command to report previous pre-command failures.
  Extend VDO and VDOPOOL without flushing and locking fs.
  Add --valuesonly option to lvmconfig to print only values without keys.
  Updates configure with recent autoconf tooling.
  Fix lvconvert --test --type vdo-pool execution.
  Add json_std output format for more JSON standard compliant version of output.
  Fix vdo_slab_size_mb value for converted VDO volume.
  Fix many corner cases in device_id, including handling of S/N duplicates.
  Fix various issues in lvmdbusd.

DM Version 1.02.187 - 10th November 2022
========================================
  Add DM_REPORT_GROUP_JSON_STD for more JSON standard compliant output format.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 20cc530004d84c631a6d11fde0cf3dd8f55d34a3)

7 months agognunet: update to version v0.21.0
Daniel Golle [Fri, 8 Mar 2024 23:26:56 +0000 (23:26 +0000)]
gnunet: update to version v0.21.0

This release marks a noteworthy milestone in that it includes a
completely new transport layer. It lays the groundwork for fixing some
major design issues and may also already alleviate a variety of issues
seen in previous releases related to connectivity. This change also
deprecates our testbed and ATS subsystem.

This is a new major release. It breaks protocol compatibility with the
0.20.x versions. Please be aware that Git master is thus henceforth
(and has been for a while) INCOMPATIBLE with the 0.20.x GNUnet
network, and interactions between old and new peers will result in
issues. In terms of usability, users should be aware that there are
still a number of known open issues in particular with respect to ease
of use, but also some critical privacy issues especially for mobile
users. Also, the nascent network is tiny and thus unlikely to provide
good anonymity or extensive amounts of interesting information. As a
result, the 0.21.0 release is still only suitable for early adopters
with some reasonable pain tolerance.

v0.21.0:

- Reworked PEERSTORE API

- Added record flag for maintenance records

- ensure traits can be generated with subsystem-specific prefixes for
  the symbols

- libgnunettesting first major testing NG refactor towards getting
  dependency structure streamlined

- Remove single-use API macro GNUNET_VA_ARG_ENUM

- major revision of blind signature API

- Introduced closure to hold store context when caling function to add
  hello in peerstore.

- Added DDLs for handling GNUNET_PEERSTORE_StoreHelloContext

- Removed old hello functionality.

- Refactoring components under src/ into lib/, plugin/, cli/ and
  service/

- add support for encoding/decoding double values as part of JSON to
  libgnunetjson

- Changed method GNUNET_HELLO_builder_get_expiration_time to not need
  parameter GNUNET_HELLO_Builder.

- Code moved to the core package to get rid of circular dependencies.

- Moved code to testing to have more generic test setup, which can be
  used not only from within transport.

- The old hello design replaced by the new hello design.

- Added api to get notified when hellos are stored with peerstore
  service.

- Added api to store hellos with peerstore service.

- Changed new hello uri api to allow to change the expiration time

- Moved start peer command to testing subsystem.

- Removed all usage of old transport api, beside peerinfo tool,
  gnunet-transport cli and usage in transport layer itself.

- Added __attribute__((deprecated)) to the old transport API

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 31e9aea1b659b34f9cc4e11ef4811f9e773ac036)

7 months agognunet: update to version 0.20.0
Daniel Golle [Wed, 20 Dec 2023 05:01:15 +0000 (05:01 +0000)]
gnunet: update to version 0.20.0

v0.20.0:
  - GNUNET_TESTING_get_testname_from_underscore renamed to GNUNET_STRINGS_get_suffix_from_binary_name and moved from libgnunettesting to libgnuneutil
  - Move GNUNET_s into libgnunetutil.
  - re-introduce compiler annotation for array size in signature
  - function-signature adjustment due to compiler error
  - GNUNET_PQ_get_oid removed, GNUNET_PQ_get_oid_by_name improved
  - Added GNUNET_PQ_get_oid_by_name
  - added GNUNET_PQ_get_oid()
  - Added new CCA-secure KEM and use in IDENTITY encryption
  - Add KEM API to avoid ephemeral private key management
  - Add new GNUNET_PQ_event_do_poll() API to gnunet_pq_lib.h
  - Added API to support arrays in query results
  - Improve PQ API documentation.
  - API for array types extended for times
  - API extended for array query types
  - relevant array-types in queries (not results) in postgresql added
  - just style fixes, int to enum
  - initial steps towards support of array-types in posgresql
  - adds GNUNET_JSON_spec_object_const() and GNUNET_JSON_spec_array_const()

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dbae7f9493620c6047ac53a37a1690a6041e40f7)

7 months agognunet: update to version 0.19.4
Daniel Golle [Sat, 8 Jul 2023 11:29:30 +0000 (12:29 +0100)]
gnunet: update to version 0.19.4

v0.19.4:
  - No changes

v0.19.3:
  - We now detect MySQL's strange, version-dependent my_bool type on configure.
  - Add pkg-config definitions for gnunet messenger.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit bef5da553f40eb406e84be6c2738943c0c80e461)

7 months agolibcurl-gnutls: update to verison 8.7.1
Daniel Golle [Thu, 4 Apr 2024 02:35:48 +0000 (03:35 +0100)]
libcurl-gnutls: update to verison 8.7.1

See https://curl.se/changes.html#8_7_1

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 428e9da9df4358f6893012cd60d9bd267db43ae5)

7 months agolibcurl-gnutls: fix build
Aleksey Vasilenko [Wed, 21 Feb 2024 07:34:19 +0000 (09:34 +0200)]
libcurl-gnutls: fix build

- Missing --without-nghttp3 was leaking host includes and breaking the build
- Remove or rename deprecated configure options
- Add --disable-libcurl-option to reduce package size
- Use .xz instead of .bz2 for PKG_SOURCE

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 30fe2d99ab0c4826b06890c18ea34415b6820b44)

7 months agolibcurl-gnutls: update to version 8.6.0
Konstantin Demin [Thu, 1 Feb 2024 00:29:58 +0000 (03:29 +0300)]
libcurl-gnutls: update to version 8.6.0

https://curl.se/changes.html#8_6_0

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit af748ea6915e16e91bcd8b5402e474cf745eea55)

7 months agolibcurl-gnutls: update to version 8.5.0
Daniel Golle [Wed, 20 Dec 2023 03:42:41 +0000 (03:42 +0000)]
libcurl-gnutls: update to version 8.5.0

https://curl.se/changes.html#8_5_0

Pick upstream patch to fix build with gnuTLS and verbose strings removed.
The patch should be removed with the next version bump.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit cbdd619c23d4ccaf3bca229a659f70b2bcf7ab82)

7 months agolibcurl-gnutls: update to version 8.2.1
Daniel Golle [Sat, 8 Jul 2023 11:29:13 +0000 (12:29 +0100)]
libcurl-gnutls: update to version 8.2.1

See cURL changes for details:
https://curl.se/changes.html

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7eaa2cd28454a2ef82fad49f26c7207ecf3f7db7)

7 months agophp8: update to 8.2.18 23947/head
Michael Heimpold [Mon, 15 Apr 2024 20:05:44 +0000 (22:05 +0200)]
php8: update to 8.2.18

This fixes:
      - CVE-2024-1874
      - CVE-2024-2756
      - CVE-2024-3096

While at, switch to https download URL.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
7 months agogolang: Update to 1.21.9
Tianling Shen [Mon, 8 Apr 2024 13:12:57 +0000 (21:12 +0800)]
golang: Update to 1.21.9

go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
7 months agolighttpd: update to lighttpd 1.4.76 release hash
Glenn Strauss [Sat, 13 Apr 2024 03:06:24 +0000 (23:06 -0400)]
lighttpd: update to lighttpd 1.4.76 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit a5557a2a47f57c651dd5dc97eac40de26617de91)

7 months agoMerge pull request #23874 from stangri/openwrt-23.05-adblock-fast
Stan Grishin [Fri, 12 Apr 2024 20:39:55 +0000 (13:39 -0700)]
Merge pull request #23874 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: improve Makefile's prerm

7 months agoMerge pull request #23815 from stangri/openwrt-23.05-curl
Stan Grishin [Fri, 12 Apr 2024 20:39:22 +0000 (13:39 -0700)]
Merge pull request #23815 from stangri/openwrt-23.05-curl

[23.05] curl: update to 8.7.1

7 months agolualanes: update to version 3.16.3 and use tarball
Josef Schlehofer [Tue, 5 Mar 2024 17:03:13 +0000 (18:03 +0100)]
lualanes: update to version 3.16.3 and use tarball

1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3

2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.

Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 8b7040b6de0d485fa3867ff315cd30f873c49a55)

7 months agolualanes: Version bump to v3.16.2
Mark Baker [Thu, 18 Jan 2024 18:52:58 +0000 (13:52 -0500)]
lualanes: Version bump to v3.16.2

Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.

Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.

Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.

Signed-off-by: Mark Baker <mark@vpost.net>
(cherry picked from commit 08e51ab50a452d1c6217f3a6767f66146814878b)

7 months agohwdata: update to 0.379
krant [Wed, 7 Feb 2024 13:35:30 +0000 (15:35 +0200)]
hwdata: update to 0.379

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 9f45bfd3d5233284095a7bbe789c1f947138048c)

7 months agolibs/libdaq3: assign PKG_LICENSE_FILES 23871/head
Fabrice Fontaine [Tue, 30 Jan 2024 20:13:59 +0000 (21:13 +0100)]
libs/libdaq3: assign PKG_LICENSE_FILES

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit b2c548975de4ab3d917c78d5d405a9993965b8ad)

7 months agolibdaq3: update to 3.0.14
John Audia [Thu, 18 Jan 2024 19:13:43 +0000 (14:13 -0500)]
libdaq3: update to 3.0.14

Update to latest version.

Changelog: https://github.com/snort3/libdaq/releases/tag/v3.0.14

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 651b7e1f92f0733c1d128a7fe3869def9f065954)

7 months agolibdaq3: update to 3.0.13
John Audia [Wed, 8 Nov 2023 21:09:27 +0000 (16:09 -0500)]
libdaq3: update to 3.0.13

Upstream bump

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4c05ae5f6c4e64f404fa435a63e94de381504f42)

7 months agolibdaq3: update to 3.0.11
John Audia [Wed, 28 Jun 2023 16:30:13 +0000 (12:30 -0400)]
libdaq3: update to 3.0.11

Upstream bump

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 9f2d3c5bf855773d5e5756652b640e2c0565d1a9)

7 months agosnort3: remove symbol @HAS_LUAJIT_ARCH
John Audia [Thu, 11 Apr 2024 18:10:31 +0000 (14:10 -0400)]
snort3: remove symbol @HAS_LUAJIT_ARCH

Remove symbol introduced in master to allow building.
Closes #23861

Signed-off-by: John Audia <therealgraysky@proton.me>
7 months agosnort3: update to 3.1.82.0
John Audia [Thu, 14 Mar 2024 19:14:45 +0000 (15:14 -0400)]
snort3: update to 3.1.82.0

Changelog: https://github.com/snort3/snort3/releases/tag/3.1.82.0

Removed patches/010-gcc13.patch

   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.1.82.0
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 3.0.14
           Using LuaJIT version 2.1.0-beta3
           Using OpenSSL 3.0.13 30 Jan 2024
           Using libpcap version 1.10.4 (with TPACKET_V3)
           Using PCRE version 8.45 2021-06-15
           Using ZLIB version 1.3.1
           Using Hyperscan version 5.4.2 2024-03-06
           Using LZMA version 5.4.6

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit fdebb16619b84831c2624f8fd8b9b38d732bc6df)

7 months agoadblock-fast: improve Makefile's prerm 23874/head
Stan Grishin [Wed, 10 Apr 2024 23:56:43 +0000 (23:56 +0000)]
adblock-fast: improve Makefile's prerm

* improve output of Makefile's prerm routines

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 9eb61fe02da9085f1c211919af38e3c504098f61)

7 months agonode: April 3, 2024 Security Releases
Hirokazu MORIKAWA [Sun, 7 Apr 2024 02:47:53 +0000 (11:47 +0900)]
node: April 3, 2024 Security Releases

Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4

Changed to use gz according to main-snapshot

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
7 months agoirqbalance: update to version 1.9.4
Hannu Nyman [Fri, 5 Apr 2024 14:35:42 +0000 (17:35 +0300)]
irqbalance: update to version 1.9.4

Update irqbalance to version 1.9.4.

* refresh version in meson patch
* remove EINVAL handling patch as upstream seems to have silenced
  the log spam for unmanageable IRQs

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit b8d0049e7cb5ab5aaeb1c5517008dab4404faf6a)